PHPMailer 生成 PHP 警告:stream_socket_enable_crypto():对等证书与预期不匹配
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30371910/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected
提问by Rob Gunsuka
I am using PHPMailer on PHP 5.6, the increased security around certificated in PHP 5.6 is certainly fun.
我在 PHP 5.6 上使用 PHPMailer,围绕 PHP 5.6 认证的增强安全性当然很有趣。
I am trying to send a test message to a domain hosted on dreamhost, the error that comes back from PHPMailer is: Could not connect to SMTP host.
我正在尝试向 Dreamhost 上托管的域发送测试消息,从 PHPMailer 返回的错误是:无法连接到 SMTP 主机。
That error is not right though, I have logging enabled and here is what is actually going on.
但是,该错误是不对的,我已启用日志记录,这是实际发生的情况。
Connection: opening to mx1.sub4.homie.mail.dreamhost.com:25, timeout=30, options=array ( ) Connection: opened S: 220 homiemail-mx32.g.dreamhost.com ESMTP
C: EHLO s81a.ikbb.com
S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: QUIT
S: SMTP ERROR: QUIT command failed: Connection: closed
连接:打开到 mx1.sub4.homie.mail.dreamhost.com:25, timeout=30, options=array ( ) 连接:打开 S: 220 homiemail-mx32.g.dreamhost.com ESMTP
C: EHLO s81a.ikbb.com
S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 准备启动 TLS
C:退出
S:SMTP 错误:QUIT 命令失败:连接:关闭
I could not understand why PHPMailer just gives up, issuing a QUIT command when it should start sending the message. I got another clue from another log:
我不明白为什么 PHPMailer 只是放弃,在应该开始发送消息时发出 QUIT 命令。我从另一个日志中得到了另一个线索:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
PHP 警告:stream_socket_enable_crypto():/ *.mail.dreamhost.com' did not match expected CN=home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp 中的对等证书 CN= mx1.sub4.homie.mail.dreamhost.com' .php
If I use some custom options to prevent validation of the cert they are using I can get it to continue. Here is what I have:
如果我使用一些自定义选项来阻止验证他们正在使用的证书,我可以让它继续。这是我所拥有的:
$mail->SMTPOptions = array (
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true));
If I put the SMTPOptions in there and skip the peer verification, message goes OK - with no warning in PHP at all.
如果我将 SMTPOptions 放在那里并跳过对等验证,消息会正常 - 在 PHP 中根本没有警告。
How can I trap that error, so I know there is an issue but still send the message?
如何捕获该错误,以便我知道存在问题但仍发送消息?
回答by Jesús Amieiro
I had the same problem and I found the answer in the PHPMailer documentation.
我遇到了同样的问题,我在PHPMailer 文档中找到了答案。
PHP 5.6 certificate verification failure
PHP 5.6 证书验证失败
In a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this:
与早期版本不同,PHP 5.6 验证 SSL 连接上的证书。如果您连接的服务器的 SSL 配置不正确,您将收到如下错误:
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one.Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended:
对此的正确解决方法是用一个好的证书替换无效的、错误配置的或自签名的证书。如果失败,您可以通过 PHPMailer 5.2.10 中引入的 SMTPOptions 属性允许不安全的连接(可以通过在早期版本中对 SMTP 类进行子类化来做到这一点),尽管不推荐这样做:
$mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);
You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons.
您也可以在 php.ini 中全局更改这些设置,但这是一个非常糟糕的主意;PHP 5.6 做出这个改变是有充分理由的。
Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings.
有时这种行为并不那么明显;有时加密失败可能会出现,因为客户端在尝试执行 STARTTLS 后立即发出 QUIT。如果您看到这种情况,您应该检查您的证书或验证设置的状态。
回答by Chrisbot
For PHP 5.6 use the following. Adding "tls://" is the key.
对于 PHP 5.6,请使用以下内容。添加“tls://”是关键。
$mail->Host = gethostbyname('tls://smtp.gmail.com');
回答by georch
For those of you using cPanel, I tried the SMTP check codefrom the examples folder in PHPMailer and I got this same error:
对于那些使用 cPanel 的人,我尝试了PHPMailer 中示例文件夹中的SMTP 检查代码,但出现了同样的错误:
PHP Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mail.dreamhost.com' did not match expected CN=mx1.sub4.homie.mail.dreamhost.com' in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php
I realized that it was not an error related to PHPMailer, so I searched for similar errors related to CentOS and I found this link that shed some light: Issue sending mails through 3rd party. You have to take a look at "SMTP Restrictions" in cPanel.
我意识到这不是与 PHPMailer 相关的错误,所以我搜索了与 CentOS 相关的类似错误,我发现这个链接揭示了一些信息:通过 3rd party 发送邮件问题。您必须查看 cPanel 中的“SMTP 限制”。
回答by Sergey Vlasov
I had a similar problem after I've upgraded to PHP 5.6 on my WordPress machine. The WP Mail SMTP by WPForms (wp-mail-smtp) plugin were configured to use localhost as SMTP Host. I've changed it to the FQHN (Fully Qualified Host Name) as it is defined in the SSL cert. After this change it is working fine.
在我的 WordPress 机器上升级到 PHP 5.6 后,我遇到了类似的问题。WPForms (wp-mail-smtp) 插件的 WP Mail SMTP 被配置为使用 localhost 作为 SMTP 主机。我已将其更改为 SSL 证书中定义的 FQHN(完全限定主机名)。在此更改后,它工作正常。
